
Proceedings Paper

A system-awareness decision classifier to automated MSN forensics
Author(s): Yin-Teshou Tsao Chu; Kuo-Pao Fan; Ya-Wen Cheng; Po-Kai Tseng

Paper Abstract

Data collection is the most important stage in network forensics, but in resource-constrained situations a good evidence collection mechanism is required to provide effective event collection in a high-traffic network environment. In the literature, a few network forensic tools offer MSN-messenger behavior reconstruction. Moreover, they do not have classification strategies at the collection stage when the system becomes saturated. The emphasis of this paper is to address these shortcomings and propose a solution that selects a better classification in order to ensure the integrity of the evidence in the collection stage under high-traffic network environments. A system-awareness decision classifier (SADC) mechanism is proposed in this paper. The MSN-shot sensor is able to adjust the amount of data to be collected according to the current system status and to keep evidence integrity as much as possible according to the file format and the current system status. Analytical results show that using the proposed SADC to implement selective collection (SC) costs less than full collection (FC) under heavy traffic scenarios. With the deployment of the proposed SADC mechanism, we believe that MSN-shot is able to reconstruct MSN-messenger behaviors perfectly in the context of the upcoming next-generation network.

Paper Details

Date Published: 10 September 2007
PDF: 9 pages
Proc. SPIE 6776, Broadband Access Communication Technologies II, 67760O (10 September 2007); doi: 10.1117/12.752591
Yin-Teshou Tsao Chu, National Chung Cheng Univ. (Taiwan)
Kuo-Pao Fan, Industrial Technology Research Institute of Taiwan (Taiwan)
Ya-Wen Cheng, National Chung Cheng Univ. (Taiwan)
Po-Kai Tseng, National Chung-Cheng Univ. (Taiwan)

Published in SPIE Proceedings Vol. 6776:
Broadband Access Communication Technologies II
Raj Jain; Benjamin B. Dingel; Shozo Komaki; Shlomo Ovadia, Editor(s)
